Chiropractic Economics Your Online Chiropractic Community

Know your PHI vs. personally identifiable information policy for HIPAA compliance

Christina DeBusk November 16, 2021

Know the differences between personally identifiable information and PHI to stay aligned with HIPAA and avoid violations

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) sets forth four tiers of penalties for violating the Health Insurance Portability and Accountability Act, or HIPAA. They range from $100 to $50,000 per violation depending on the offense, making it a must to distinguish between protected health information (PHI) and personally identifiable information (PII). Not only can this type of consequence damage a practice financially, but it can also hurt its reputation within the community, sometimes irreparably.

Taking the necessary actions to protect your patients’ protected health information or PHI requires first understanding what data is to be protected. It also involves knowing how PHI is different from personally identifiable information or PII, as well as when the two intertwine.

What is PHI?

The U.S. Department of Health & Human Services explains that information that falls under the umbrella of PHI includes:

  • Information within your medical records that has been placed there by a member of your healthcare team (doctors, nurses, etc.)
  • Any conversations you’ve had with your health care team about your medical care
  • Information that your health insurance company has input in their computer system about you
  • Billing information
  • “Most other health information” about you that is stored by entities bound by HIPAA laws (healthcare providers and clearinghouses, health plans, and their business associates)

Most of these categories are fairly vague, which can open the door to some confusion. The HIPAA Journal, however, offers a much clearer definition of what falls under PHI, which it indicates includes lab test results, health history information, diagnoses, treatments, insurance information, and even allergies.

PHI vs personally identifiable information policy: the differences

Although PHI and PII are often used interchangeably, they are two very different terms. The Department of Homeland Security reports that personally identifiable information is, in part, “any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual…”

Information that falls under sensitive PII is:

  • Social Security Numbers
  • Driver’s license numbers
  • Financial records
  • Criminal history
  • Medical records

Based on this definition, PHI is a subcategory of PII. There are times, though, when the two intersect. Understanding this, and being able to recognize when it occurs, is important to keeping your practice from committing a potentially expensive and reputationally damaging HIPAA violation.

When PHI and PII intersect

HealthITSecurity shares that, although some personally identifiable information on its own is not necessarily protected under HIPAA, there may be instances where it can be categorized as PHI. That would prevent the information from being released.

For example, a patient’s address and telephone numbers are typically PII. However, if either of these data points is paired with that patient’s diagnosed health condition or their designated treatment plan, the original PII data now falls under PHI.

Essentially, if PII is paired with PHI and, therefore, could be used to identify a specific patient, that PII becomes PHI and is protected under HIPAA.

Staying HIPAA-compliant

Keeping your practice HIPAA-compliant requires taking all actions possible to keep your patient’s PHI safe and secure, especially when transferring that data to outside agencies such as their insurance providers.

One way to protect a patient’s health records and medical information is by encrypting the data when transmitting it out of your office. This scrambles the information so it cannot be read if it does happen to be intercepted. Only the receiving entity will know what it says because they have the program necessary to return the information to its readable form.

Using security software can also help protect your patients’ PHI by making your system harder for hackers to penetrate. Not only is this important from a patient security standpoint, but Cybercrime Magazine reports that 60% of small businesses will close within six months of being hit by a hacker. So, stopping this type of attack can reduce the chance that you’ll wind up closing your doors for good.

HealthIT indicates that electronic health record (EHR) systems can help protect PHI by encrypting data and by making that data harder to access. Examples of the latter include setting passwords and requiring PINs to enter the system, locking out anyone who doesn’t have the necessary permissions.

Filed Under: Chiropractic Business Tips, Chiropractic Practice Management Tagged With: EHR, electronic health records, hipaa
